<!doctype html><html lang dir=ltr><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><title>漏洞提交说明 | Hui.Ke - Blog</title><meta name=generator content="Hugo Eureka 0.9.3"><link rel=stylesheet href=https://b.hui.ke/css/eureka.min.9cec6350e37e534b0338fa9a085bf06855de3b0f2dcf857e792e5e97b07ea905d4d5513db554cbc26a9c3da622bae92d.css><script defer src=https://b.hui.ke/js/eureka.min.fa9a6bf6d7a50bb635b4cca7d2ba5cf3dfb095ae3798773f1328f7950028b48c17d06276594e1b5f244a25a6c969a705.js></script>
<link rel=preconnect href=https://fonts.googleapis.com><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=preload href="https://fonts.googleapis.com/css2?family=Lora:wght@400;600;700&family=Noto+Serif+SC:wght@400;600;700&display=swap" as=style onload='this.onload=null,this.rel="stylesheet"'><link rel=stylesheet href=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/styles/vs.min.css media=print onload='this.media="all",this.onload=null' crossorigin><script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/highlight.min.js crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/bash.min.js crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/ini.min.js crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/json.min.js crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/php.min.js crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/python.min.js crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/shell.min.js crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/sql.min.js crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/x86asm.min.js crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@11.4.0/build/languages/xml.min.js crossorigin></script>
<link rel=stylesheet href=https://b.hui.ke/css/highlightjs.min.2958991528e43eb6fc9b8c4f2b8e052f79c4010718e1d1e888a777620e9ee63021c2c57ec7417a3108019bb8c41943e6.css media=print onload='this.media="all",this.onload=null'><script defer type=text/javascript src=https://lib.baomitu.com/font-awesome/6.1.1/js/all.min.js></script>
<link rel=stylesheet href=https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/katex.min.css integrity=sha384-MlJdn/WNKDGXveldHDdyRP1R4CTHr3FeuDNfhsLPYrq2t0UBkUdK2jyTnXPEK1NQ media=print onload='this.media="all",this.onload=null' crossorigin><script defer src=https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/katex.min.js integrity=sha384-VQ8d8WVFw0yHhCk5E8I86oOhv48xLpnDZx5T9GogA/Y84DcCKWXDmSDfn13bzFZY crossorigin></script>
<script defer src=https://cdn.jsdelivr.net/npm/katex@0.15.2/dist/contrib/auto-render.min.js integrity=sha384-+XBljXPPiv+OzfbB3cVmLHf4hdUFHlWNZN5spNQ7rmHTXpd7WvJum6fIACpNNfIR crossorigin></script>
<script>document.addEventListener("DOMContentLoaded",function(){renderMathInElement(document.body,{delimiters:[{left:"$$",right:"$$",display:!0},{left:"$",right:"$",display:!1},{left:"\\(",right:"\\)",display:!1},{left:"\\[",right:"\\]",display:!0}]})})</script><script defer src=https://cdn.jsdelivr.net/npm/mermaid@8.14.0/dist/mermaid.min.js integrity=sha384-atOyb0FxAgN9LyAc6PEf9BjgwLISyansgdH8/VXQH8p2o5vfrRgmGIJ2Sg22L0A0 crossorigin></script>
<link rel=icon type=image/png sizes=32x32 href=https://b.hui.ke/icon_hub7ca0b5404c6d576559b2bd22c64b0e5_2009_32x32_fill_box_center_3.png><link rel=apple-touch-icon sizes=180x180 href=https://b.hui.ke/icon_hub7ca0b5404c6d576559b2bd22c64b0e5_2009_180x180_fill_box_center_3.png><meta name=description content="  为规范漏洞提交标准，提升效率，用此文对漏洞提交进行说明。"><script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Posts","item":"https://b.hui.ke/posts/"},{"@type":"ListItem","position":2,"name":"漏洞提交说明","item":"https://b.hui.ke/posts/hw-vulnerability-submission-instructions/"}]}</script><script type=application/ld+json>{"@context":"https://schema.org","@type":"Article","mainEntityOfPage":{"@type":"WebPage","@id":"https://b.hui.ke/posts/hw-vulnerability-submission-instructions/"},"headline":"漏洞提交说明 | Hui.Ke - Blog","datePublished":"2020-07-02T15:56:53+08:00","dateModified":"2020-07-02T15:56:53+08:00","wordCount":1857,"author":{"@type":"Person","name":"Hui.ke"},"publisher":{"@type":"Person","name":"Hui.Ke","logo":{"@type":"ImageObject","url":"https://b.hui.ke/icon.png"}},"description":"\u003cp\u003e  为规范漏洞提交标准，提升效率，用此文对漏洞提交进行说明。\u003c\/p\u003e"}</script><meta property="og:title" content="漏洞提交说明 | Hui.Ke - Blog"><meta property="og:type" content="article"><meta property="og:image" content="https://b.hui.ke/icon.png"><meta property="og:url" content="https://b.hui.ke/posts/hw-vulnerability-submission-instructions/"><meta property="og:description" content="  为规范漏洞提交标准，提升效率，用此文对漏洞提交进行说明。"><meta property="og:site_name" content="Hui.Ke - Blog"><meta property="article:published_time" content="2020-07-02T15:56:53+08:00"><meta property="article:modified_time" content="2020-07-02T15:56:53+08:00"><meta property="article:section" content="posts"><meta property="article:tag" content="Vulnerability"><meta property="article:tag" content="漏洞"><meta property="og:see_also" 
content="https://b.hui.ke/posts/cyber-security-abbreviations/"><meta property="og:see_also" content="https://b.hui.ke/posts/pentest-code-of-conduct/"><script>!function(e){"use strict";!function(){var i,s=window,o=document,a=e,c="".concat("https:"===o.location.protocol?"https://":"http://","sdk.51.la/js-sdk-pro.min.js"),n=o.createElement("script"),r=o.getElementsByTagName("script")[0];n.type="text/javascript",n.setAttribute("charset","UTF-8"),n.async=!0,n.src=c,n.id="LA_COLLECT",a.d=n,i=function(){s.LA.ids.push(a)},s.LA?s.LA.ids&&i():(s.LA=e,s.LA.ids=[],i()),r.parentNode.insertBefore(n,r)}()}({id:"Jgb8aUbG5e3rqhrs",ck:"Jgb8aUbG5e3rqhrs",autoTrack:!0,hashMode:!0})</script><body class="flex min-h-screen flex-col"><header class="min-h-16 pl-scrollbar bg-secondary-bg fixed z-50 flex w-full items-center shadow-sm"><div class="mx-auto w-full max-w-screen-xl"><script>let storageColorScheme=localStorage.getItem("lightDarkMode");((storageColorScheme=="Auto"||storageColorScheme==null)&&window.matchMedia("(prefers-color-scheme: dark)").matches||storageColorScheme=="Dark")&&document.getElementsByTagName("html")[0].classList.add("dark")</script><nav class="flex items-center justify-between flex-wrap px-4 py-4 md:py-0"><a href=/ class="me-6 text-primary-text text-xl font-bold">Hui.Ke - Blog</a>
<button id=navbar-btn class="md:hidden flex items-center px-3 py-2" aria-label="Open Navbar">
<i class="fas fa-bars"></i></button><div id=target class="hidden block md:flex md:grow md:justify-between md:items-center w-full md:w-auto text-primary-text z-20"><div class="md:flex md:h-16 text-sm md:grow pb-4 md:pb-0 border-b md:border-b-0"><a href=/posts/ class="block mt-4 md:inline-block md:mt-0 md:h-(16-4px) md:leading-(16-4px) box-border md:border-t-2 md:border-b-2 selected-menu-item me-4">Posts</a>
<a href=/about/ class="block mt-4 md:inline-block md:mt-0 md:h-(16-4px) md:leading-(16-4px) box-border md:border-t-2 md:border-b-2 border-transparent me-4">About</a></div><div class=flex><div class="relative pt-4 md:pt-0"><div class="cursor-pointer hover:text-eureka" id=lightDarkMode><i class="fas fa-adjust"></i></div><div class="fixed hidden inset-0 opacity-0 h-full w-full cursor-default z-30" id=is-open></div><div class="absolute flex flex-col start-0 md:start-auto end-auto md:end-0 hidden bg-secondary-bg w-48 rounded py-2 border border-tertiary-bg cursor-pointer z-40" id=lightDarkOptions><span class="px-4 py-1 hover:text-eureka" name=Light>Light</span>
<span class="px-4 py-1 hover:text-eureka" name=Dark>Dark</span>
<span class="px-4 py-1 hover:text-eureka" name=Auto>Auto</span></div></div></div></div><div class="fixed hidden inset-0 opacity-0 h-full w-full cursor-default z-0" id=is-open-mobile></div></nav><script>let element=document.getElementById("lightDarkMode");storageColorScheme==null||storageColorScheme=="Auto"?document.addEventListener("DOMContentLoaded",()=>{window.matchMedia("(prefers-color-scheme: dark)").addEventListener("change",switchDarkMode)}):storageColorScheme=="Light"?(element.firstElementChild.classList.remove("fa-adjust"),element.firstElementChild.setAttribute("data-icon","sun"),element.firstElementChild.classList.add("fa-sun")):storageColorScheme=="Dark"&&(element.firstElementChild.classList.remove("fa-adjust"),element.firstElementChild.setAttribute("data-icon","moon"),element.firstElementChild.classList.add("fa-moon")),document.addEventListener("DOMContentLoaded",()=>{getcolorscheme(),switchBurger()})</script></div></header><main class="grow pt-16"><div class=pl-scrollbar><div class="mx-auto w-full max-w-screen-xl lg:px-4 xl:px-8"><div class="grid grid-cols-2 gap-4 lg:grid-cols-8 lg:pt-12"><div class="bg-secondary-bg col-span-2 rounded px-6 py-8 lg:col-span-6"><article class=prose><h1 class=mb-4>漏洞提交说明</h1><div class="text-tertiary-text not-prose mt-2 flex flex-row flex-wrap items-center"><div class="me-6 my-2"><i class="fas fa-calendar me-1"></i>
<span>2020-07-02</span></div><div class="me-6 my-2"><i class="fa-solid fa-pen-to-square me-1"></i>
<span>2020-07-02</span></div><div class="me-6 my-2"><i class="fas fa-clock me-1"></i>
<span>4 min read</span></div><div class="me-6 my-2"><i class="fas fa-folder me-1"></i>
<a href=https://b.hui.ke/categories/it/ class=hover:text-eureka>IT</a></div><div class="me-6 my-2"><i class="fas fa-th-list me-1"></i>
<a href=https://b.hui.ke/series/penetration-test/ class=hover:text-eureka>Penetration Test</a></div><div class="me-6 my-2"><i class="fa-solid fa-eye me-1"></i>
<span id=busuanzi_value_page_pv><i class="fa fa-spinner fa-spin"></i></span> Hits</div></div><p>  为规范漏洞提交标准，提升效率，用此文对漏洞提交进行说明。</p><h2 id=一重要提醒>一、重要提醒</h2><h3 id=请特别注意漏洞的提交规范否则会影响漏洞是否忽略最终定级等判断>请特别注意漏洞的提交规范，否则会影响漏洞是否忽略、最终定级等判断。</h3><h3 id=漏洞评审规则>漏洞评审规则</h3><p>  初审（漏洞复现）→ 复审（漏洞定级，CVSS3.0）→ 漏洞报告质量审核</p><h3 id=漏洞接收原则>漏洞接收原则</h3><ol><li>鼓励漏洞组合利用（特指低危、中危漏洞进行组合利用后，放大危害，提升至高危）；</li><li>鼓励多截图多证明漏洞危害性；</li><li>鼓励手动测试，深入研究漏洞利用。</li></ol><h3 id=敏感数据定义>敏感数据定义</h3><p>  敏感信息定义如下：行踪轨迹信息、通信内容、征信信息、财产信息、住宿信息、通信记录、健康生理信息、交易信息及其它用户信息泄露（姓名/身份证、银行卡信息、手机号/邮箱、密码、地址）</p><h2 id=二漏洞提交填写说明>二、漏洞提交填写说明</h2><h3 id=漏洞标题>漏洞标题</h3><p>  对于漏洞标题，需要注意区分此次<strong>提交漏洞数目</strong></p><p>  统一提交格式: 【单一/组合】漏洞_【系统名字】【漏洞名称】</p><h4 id=单一漏洞提交>单一漏洞提交</h4><p>  如弱口令漏洞，可命名为：单一漏洞_某系统弱口令漏洞</p><p>  如 SQL 注入漏洞，可命名为：单一漏洞_网站前台 SQL 注入漏洞</p><h4 id=组合漏洞提交必须证明漏洞关联性>组合漏洞提交（必须证明漏洞关联性）</h4><p>  如后台 getshell，可命名为：组合漏洞_某系统后台文件上传 getshell</p><p>  如后台 SQL 注入，可命名为：组合漏洞_某系统弱口令登入后台 SQL 注入</p><p>  <strong>不接受无关联漏洞堆砌，如发现一律按提交漏洞中最低等级定级！</strong></p><p>  <strong>组合漏洞不建议：多个高危漏洞组合提交，否则最终会仅按照一个高危评分。</strong></p><h3 id=漏洞资产重要必填>漏洞资产（重要，必填）</h3><p>  选择系统中本次给出的目标资产。</p><p>  注意：下方填写的【漏洞 url 位置】或【漏洞 IP】如果与此处<strong>不一致</strong>，务必在【复现步骤】中证明两者关联关系，<strong>必须保证系统为同一主体（同一单位），否则不接收</strong></p><p>  例如：网站的前台和后台关系，可以接收，但是在目标资产上存在跳出页面，跳出页面主体为另一家单位，该漏洞不接收。</p><p>  （此处纳入漏洞接收标准，<strong>初审</strong>有权对未在资产范围的漏洞，给予忽略处理）</p><p>  忽略理由：该漏洞未在符合的资产范围内，不予以接收</p><h3 id=漏洞-url-位置选填>漏洞 url 位置（选填）</h3><p>  如果是 web 漏洞（对应 Web 资产），此处必填，需填写具体的漏洞 url 地址</p><p>  此处填写的地址必须和漏洞复现中存在的漏洞地址保持一致</p><p>  （此处纳入漏洞接收标准，<strong>初审</strong>有权对前后填写不一致的漏洞，给予忽略处理）</p><p>  忽略理由：漏洞 url 填写地址与复现步骤涉及漏洞地址不一致，请确认后重新提交。</p><h3 id=漏洞-ip选填>漏洞 IP（选填）</h3><p>  如果是主机漏洞（对应 IP 资产），此处必填，需要填写实际存在漏洞的 ip 地址</p><p>  此处填写的地址必须和漏洞复现中存在的漏洞地址保持一致</p><p>  （此处纳入漏洞接收标准，<strong>初审</strong>有权对前后填写不一致的漏洞，给予忽略处理）</p><p>  忽略理由：漏洞 ip 填写地址与复现步骤涉及漏洞地址不一致，请确认后重新提交。</p><h3 id=漏洞描述重要必填>漏洞描述（重要，必填）</h3><p>  简要描述当前挖掘的漏洞类型，<strong>如实说明当前漏洞危害性</strong>。（此处纳入报告质量考核，CVSS 漏洞危害评价，<strong>初审</strong>有权对未如实描述的漏洞危害，给予忽略处理）</p><p>  例如：当前 xxx 
后台管理系统存在弱口令漏洞，用户名: admin，密码: 123，攻击者利用该漏洞，可以造成5千多条系统内部用户数据泄露。</p><p>  忽略理由：报告质量不佳，请补充 xxx 数据包后（根据实际情况填写欠缺点），重新提交。</p><h3 id=影响参数选填>影响参数（选填）</h3><p>  主要填写 url 参数，或者填写漏洞参数点</p><p>  例如：SQL 注入下，填写注入点</p><h3 id=漏洞-poc-请求包重要必填>漏洞 POC 请求包（重要，必填）</h3><p>  给出漏洞利用的数据包，要求为，凡是【复现步骤】里给出的 Burpsuite 或其他抓包工具抓到的数据包，必须填入此处，多个注意分割。（此处影响 CVSS 漏洞利用性评价，初审有权对 SQL 注入未提交数据包的，直接给予忽略处理，其他情形需要裁判组进行定夺。）</p><p>  例如: SQL 注入，填写整个数据包，<strong>对于 sqlmap 自动化利用的可以在参数点打 *，同时给出 sqlmap 命令。</strong>其他漏洞可根据实际情况，进行填写</p><p>  <strong>如用一些常用工具（github 能下载到）造成的漏洞利用</strong>，无法给出具体数据包，可不填写</p><p>  忽略理由：SQL 注入未给出数据包，请重新提交漏洞。</p><h3 id=补充说明选填>补充说明（选填）</h3><p>  对于一些不是属于漏洞构成的内容可以填写</p><p>  例如：这是对 xxxxx 编号漏洞的补充说明；这是对 xxxxx 编号弱口令漏洞的深入利用</p><h3 id=复现步骤重要必填>复现步骤（重要，必填）</h3><p>  对于漏洞利用的详细步骤，此处注意，不要只给出图片，同时需要给出图片上的 url 地址。</p><p>  Burpsuite 或其它抓包工具，抓到的数据包需在【漏洞 POC 请求包】中给出。（此处纳入报告质量考核，CVSS 漏洞危害评价）</p><p>  <strong>注册用户使用的注册信息（用户名及密码）也需注意写入</strong></p><h3 id=修复方案重要必填>修复方案（重要，必填）</h3><p>  对于漏洞的实际修复方案，注意格式规范（此处纳入报告质量考核）</p><p>  例如：针对弱口令漏洞，建议系统管理员或系统维护人员对密码口令进行修改，口令强度进行硬性要求（建议长度 8 位，为大小写字母、数字和特殊字符的组合）。如果因系统硬件或软件版本问题造成密码无法修改，可通过 ACL 策略限制登录服务器的 IP 地址和端口，以减小安全隐患爆发的概率。</p></article><div class=my-4><a href=https://b.hui.ke/tags/vulnerability/ class="inline-block bg-tertiary-bg text-sm rounded px-3 py-1 my-1 me-2 hover:text-eureka">#Vulnerability</a>
<a href=https://b.hui.ke/tags/%E6%BC%8F%E6%B4%9E/ class="inline-block bg-tertiary-bg text-sm rounded px-3 py-1 my-1 me-2 hover:text-eureka">#漏洞</a></div><div class=py-2><div class="my-8 flex flex-col items-center md:flex-row"><a href=https://b.hui.ke/authors/hui.ke/ class="md:me-4 text-primary-text h-24 w-24"><img src=https://b.hui.ke/bagua.webp class="bg-primary-bg w-full rounded-full" alt=Avatar></a><div class="mt-4 w-full md:mt-0 md:w-auto"><a href=https://b.hui.ke/authors/hui.ke/ class="mb-2 block border-b pb-1 text-lg font-bold"><h3>Hui.Ke</h3></a><span class="block pb-2">❤ Cyber Security | Safety is a priority.</span>
<a href=/images/aixinxianquan.webp class=me-2><i class="fab fa-weixin"></i></a></div></div></div><div class="-mx-2 mt-4 flex flex-col border-t px-2 pt-4 md:flex-row md:justify-between"><div><span class="text-primary-text block font-bold">Previous</span>
<a href=https://b.hui.ke/posts/vulnerability-directory/ class=block>漏洞目录</a></div><div class="mt-4 md:mt-0 md:text-right"><span class="text-primary-text block font-bold">Next</span>
<a href=https://b.hui.ke/posts/windows-file-recovery-help/ class=block>Windows File Recovery 使用帮助</a></div></div><div id=valine-comments class=mt-4></div><script defer src=https://cdn.jsdelivr.net/npm/valine@1.4.16/dist/Valine.min.js integrity=sha384-e0+DNUCJo75aOAzHQbFWYBCM9/S4f0BhRJXvEgbE3mMS85RM20MSSGStHuNdY2QK crossorigin></script>
<script>document.addEventListener("DOMContentLoaded",function(){new Valine({el:"#valine-comments",appId:"BQnVqWIiq78AdqwyhvBVAa3y-MdYXbMMI",appKey:"RKg5By312YjM8rU6WkkfK9IN",recordIP:"true",serverURLs:"https://l.hui.ke",visitor:"true"})})</script></div><div class=col-span-2><div class="bg-secondary-bg prose max-w-none rounded p-6"><h3>Series of Posts</h3><a href=https://b.hui.ke/posts/cyber-security-abbreviations/ class=no-underline>网络安全缩写</a><br><a href=https://b.hui.ke/posts/pentest-code-of-conduct/ class=no-underline>渗透测试行为准则</a><br><a href=https://b.hui.ke/posts/hw-vulnerability-submission-instructions/ class=no-underline>漏洞提交说明</a><br></div><div class="bg-primary-bg
prose sticky top-16 z-10 hidden px-6 py-4 lg:block"><h3>On This Page</h3></div><div class="sticky-toc hidden px-6 pb-6 lg:block"><nav id=TableOfContents><ul><li><a href=#一重要提醒>一、重要提醒</a><ul><li><a href=#请特别注意漏洞的提交规范否则会影响漏洞是否忽略最终定级等判断>请特别注意漏洞的提交规范，否则会影响漏洞是否忽略、最终定级等判断。</a></li><li><a href=#漏洞评审规则>漏洞评审规则</a></li><li><a href=#漏洞接收原则>漏洞接收原则</a></li><li><a href=#敏感数据定义>敏感数据定义</a></li></ul></li><li><a href=#二漏洞提交填写说明>二、漏洞提交填写说明</a><ul><li><a href=#漏洞标题>漏洞标题</a><ul><li><a href=#单一漏洞提交>单一漏洞提交</a></li><li><a href=#组合漏洞提交必须证明漏洞关联性>组合漏洞提交（必须证明漏洞关联性）</a></li></ul></li><li><a href=#漏洞资产重要必填>漏洞资产（重要，必填）</a></li><li><a href=#漏洞-url-位置选填>漏洞 url 位置（选填）</a></li><li><a href=#漏洞-ip选填>漏洞 IP（选填）</a></li><li><a href=#漏洞描述重要必填>漏洞描述（重要，必填）</a></li><li><a href=#影响参数选填>影响参数（选填）</a></li><li><a href=#漏洞-poc-请求包重要必填>漏洞 POC 请求包（重要，必填）</a></li><li><a href=#补充说明选填>补充说明（选填）</a></li><li><a href=#复现步骤重要必填>复现步骤（重要，必填）</a></li><li><a href=#修复方案重要必填>修复方案（重要，必填）</a></li></ul></li></ul></nav></div><script>window.addEventListener("DOMContentLoaded",()=>{enableStickyToc()})</script></div></div><script>document.addEventListener("DOMContentLoaded",()=>{hljs.highlightAll()})</script></div></div></main><footer class=pl-scrollbar><div class="mx-auto w-full max-w-screen-xl"><div class="text-center p-6 pin-b"><script async src=/js/click.js></script><div id=poem_ip></div><script type=text/javascript>jinrishici.load(function(e){tags.innerHTML=e.data.matchTags})</script><div><span id=timeDate>载入年天数...</span><span id=times>载入时分秒...</span>
<script async src=/js/duration.js></script></div><a href=https://www.foreverblog.cn/go.html target=_blank><img src=https://img.foreverblog.cn/wormhole_4_tp.gif alt style=display:inline-block;width:auto;height:32px title=穿梭虫洞-随机访问十年之约友链博客></a><p class="text-sm text-tertiary-text"><script async src=//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js></script>本站总访问量 <span id=busuanzi_value_site_pv></span> 次
&#183; 您是本站的第 <span id=busuanzi_value_site_uv></span> 个小伙伴</p><script async src=/js/tab.js></script></div></div></footer></body></html>